AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,624

AI/ML CVEs Tracked

226

Critical

94

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1624 results
Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2026-33236 nltk: Path Traversal enables file access 8.1 0.0% Mar 19 CRIT E CVE-2025-15031 mlflow: Path Traversal enables file access 9.1 0.4% mlflow Mar 18 HIGH E CVE-2026-33155 deepdiff: DoS causes service disruption 0.1% Mar 18 CRIT E CVE-2026-28500 onnx: Integrity Verification bypass enables tampering 9.1 0.0% onnx Mar 18 UNKN CVE-2026-25083 GROWI: Missing Auth allows unauthorized operations 0.0% Mar 16 HIGH E CVE-2025-14287 mlflow: Code Injection enables RCE 7.5 0.3% mlflow Mar 16 MEDI GHSA-5cxw-w2xg-2m8h fickling: Allowlist Bypass evades input filtering fickling Mar 13 MEDI GHSA-r48f-3986-4f9c fickling: Allowlist Bypass evades input filtering fickling Mar 13 CRIT E CVE-2026-30741 OpenClaw: RCE via request-side prompt injection 9.8 0.4% openclaw Mar 11 HIGH E CVE-2026-31829 Flowise: SSRF via HTTP Node exposes internal network 8.8 0.1% flowise-components Mar 10 CRIT E CVE-2026-27825 mcp-atlassian: Path Traversal enables file access 9.1 0.0% mcp-atlassian Mar 10 HIGH E CVE-2026-27826 mcp-atlassian: SSRF allows internal network access 8.2 0.1% mcp-atlassian Mar 10 CRIT E CVE-2026-25960 vllm: SSRF allows internal network access 9.8 0.0% vllm Mar 9 CRIT E CVE-2026-30824 Flowise: auth bypass exposes NVIDIA NIM container endpoints 9.8 9.4% flowise Mar 7 UNKN E CVE-2026-30823 Flowise: IDOR enables account takeover and SSO bypass 0.0% flowise Mar 7 UNKN E CVE-2026-30822 Flowise: mass assignment allows unauthenticated DB injection 0.3% flowise Mar 7 CRIT E CVE-2026-30821 flowise: Arbitrary File Upload enables RCE 9.8 0.2% flowise Mar 7 HIGH E CVE-2026-30820 Flowise: header spoof auth bypass exposes admin API & creds 8.8 0.1% flowise Mar 7 MEDI CVE-2026-2589 Greenshift: Info Disclosure leaks sensitive data 5.3 0.0% Mar 6 CRIT CVE-2026-28451 OpenClaw: SSRF via Feishu extension exposes internal services 9.3 0.0% openclaw Mar 5

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial